[00:00.000 --> 00:04.220]  running the Password Village. We wanted to start off getting you up and running with
[00:04.220 --> 00:10.240]  Hashcat on an NVIDIA GPU and then cover some basic attacks. The goal here is to start building
[00:10.440 --> 00:16.620]  a foundation that other talks throughout the village and DEF CON will expand on. So ideally
[00:16.620 --> 00:22.820]  you're going to have a GTX model NVIDIA card and be running Linux. The box we're on here
[00:22.820 --> 00:30.860]  is an AWS instance running the stock Ubuntu 20.04 AMI, and it has a Tesla T4, which isn't
[00:30.860 --> 00:36.500]  the greatest card for cracking, but it's going to work for our purposes. So Hashcat supports
[00:36.920 --> 00:42.220]  two modes of operation. You have OpenCL, which is a standard language, meaning that it's
[00:42.220 --> 00:50.300]  going to run on any card or CPU that supports OpenCL. That can be Intel, that can be AMD,
[00:50.300 --> 00:58.960]  that can be NVIDIA, and that can be AMD video cards. And then there's CUDA, which is specific
[00:58.960 --> 01:05.420]  to NVIDIA, which will allow us to eke just a bit more performance out of the card and
[01:05.420 --> 01:10.680]  get us some faster crack rates. Since we have an NVIDIA card on this box, we're going to
[01:10.680 --> 01:15.740]  go with the CUDA driver. Now we don't want to use the repo drivers. We don't want to
[01:15.740 --> 01:24.800]  use the repo drivers because the Ubuntu maintainers will include patches to those drivers that
[01:24.800 --> 01:32.620]  may fix a bug for a desktop environment, for instance, but it breaks the compatibility
[01:33.660 --> 01:39.560]  with the CUDA runtime and therefore breaks Hashcat. And we don't want that to happen.
[01:39.560 --> 01:46.660]  So we're going to use the driver that's supplied by NVIDIA, and we're going to use the CUDA
[01:46.660 --> 01:55.340]  toolkit version. So we are on Linux, we're on x86-64, so 64-bit processor or 64-bit system.
[01:55.340 --> 02:00.640]  We're running Ubuntu. We're running version 20.04. And then we have a couple of options
[02:00.640 --> 02:05.820]  here. So we have a run file, which is a local install, a local Debian install, which will
[02:05.820 --> 02:11.620]  create a Debian archive on your, or sorry, a Debian repo on your local box, and then
[02:11.620 --> 02:19.260]  you have the network install. Because we want to maintain compatibility between the CUDA
[02:19.260 --> 02:27.080]  version and the Hashcat release, we don't want to upgrade CUDA as part of a system upgrade
[02:27.080 --> 02:32.380]  by accident and break it. So we're going to go with the local run file. So we're going
[02:32.380 --> 02:50.540]  to copy this wget line here, paste that in. And then we're going to go ahead and grab
[02:50.540 --> 03:06.630]  our Hashcat binaries. And we also want the PGP signature so that we can verify that
[03:06.630 --> 03:18.700]  it's legit. And then we're going to want to grab the Hashcat key. So we see here, we've
[03:18.700 --> 03:24.400]  got the fingerprint. Scroll over here a bit. So we've got the fingerprint here, and it
[03:24.400 --> 03:32.280]  says that it is on the PGP key servers. So we can use GPG to go ahead and import that
[03:32.280 --> 03:47.950]  key. Okay, we've got our key. And then let's verify that our download is actually signed
[03:47.950 --> 03:59.540]  and correct. Okay, so there we go, we've got a good signature. So we are good there.
[04:00.340 --> 04:06.480]  So we're also going to grab a word list. And we're going to grab that from Skull Security.
[04:06.620 --> 04:12.700]  And we're going to be using RockYou, which is kind of an old list, but it's also still really
[04:12.700 --> 04:37.750]  good. So let's grab that guy. Let's grab it incredibly slowly. So the next part, we'll
[04:37.750 --> 04:46.870]  go ahead and install the CUDA SDK. And it's going to fail the first time we run it, because
[04:46.870 --> 04:56.150]  we're on a brand new box that has no dependencies installed at all. So there are some things
[04:56.150 --> 05:02.090]  that the SDK is going to do, like build the NVIDIA driver, and it's going to need to have
[05:02.090 --> 05:07.230]  things like GCC and other libraries that it requires in order to do that. So what we're
[05:07.230 --> 05:12.110]  actually going to do is kind of walk through the steps on how we can make sure that we
[05:12.110 --> 05:19.330]  get all of those. Now that that's done, we're going to do an apt-cache
[05:19.330 --> 05:26.130]  search for the NVIDIA driver. And we can see that there are a bunch of them. So let's
[05:26.130 --> 05:33.870]  just say this guy right here. And it's the latest release that seems that Ubuntu has.
[05:33.870 --> 05:44.370]  And then we are going to apt-get build-dep nvidia-driver-440. So we want to get all the
[05:44.370 --> 05:56.030]  dependencies that nvidia-driver-440 requires. So we don't have any source listings for non-binary
[05:56.030 --> 06:11.660]  pulls in our apt config. So let's go ahead and make that happen. Make sure we get the
[06:11.660 --> 06:19.640]  editor in there as well. So we're going to uncomment this, and we're going to uncomment
[06:19.640 --> 06:46.890]  this and that's all we need. Do a quick update. And let's try that again. Okay. So we're going
[06:46.890 --> 06:54.570]  to go ahead and let all that install. So this will allow us to build our driver. We also
[06:54.570 --> 06:58.330]  need to grab one more thing because Hashcat is packaged in the 7-zip format, we'll need
[06:58.330 --> 07:57.080]  to grab p7zip. Any day now. AWS? Thank you. So we'll grab p7zip as well. Hopefully that
[07:57.080 --> 08:09.660]  didn't take as long. And we're going to bypass some of this. So if you run the CUDA SDK installer,
[08:09.660 --> 08:15.780]  it has a kind of menu-driven interface. We don't want that. So we're going to run it
[08:15.780 --> 08:24.500]  in silent mode, and we want to install the driver and the toolkit. And this is going
[08:24.500 --> 08:33.080]  to take a minute. Okay. Now there's one other step that if we had used the menu-driven method,
[08:33.080 --> 08:48.220]  it would tell us that we need to add some stuff to our path. So if we look at /etc/ld.so.conf.d,
[08:48.740 --> 08:56.460]  so it already wrote our CUDA library path, so that's good. But it did not write the path
[08:56.460 --> 09:06.180]  update for our profile. So we need to go ahead and add that in. So we'll do a sudo vi /etc/
[09:07.960 --> 09:19.900]  profile.d, and we'll call this cuda.sh. And then in here, we're basically just adding the path to
[09:19.900 --> 09:28.220]  the CUDA binaries to our system path. And then this is going to load every time a new instance
[09:28.220 --> 09:41.240]  is spawned. So we'll go ahead and source /etc/profile so we get the update. Okay. And then we
[09:41.240 --> 09:53.810]  also need to run ldconfig so that it updates the library path. Okay. And then let's check
[09:53.810 --> 10:01.230]  nvidia-smi and make sure that it sees our card. And it does. So we've got our Tesla T4,
[10:01.910 --> 10:08.850]  and it is running on the driver version that was supplied with the CUDA SDK, which is 450.51.05.
[10:08.850 --> 10:18.290]  It's right here. And we can see we're on CUDA version 11. So that's good. So next,
[10:18.290 --> 10:25.590]  let's unpack Hashcat. So we're going to use 7z to extract the hashcat .7z archive.
[10:26.850 --> 10:33.110]  And while we're at it, let's go ahead and bunzip2 rockyou.txt.
[10:39.220 --> 10:45.800]  All right. So let's make sure that Hashcat sees our video card now.
[10:49.160 --> 10:54.400]  And it does. And it sees that it can run in either CUDA or OpenCL mode.
[10:55.120 --> 11:01.780]  It's going to default to the CUDA version here. So we don't need to worry about the OpenCL info
[11:01.780 --> 11:11.220]  below us. And then let's just do a quick benchmark to make sure that we actually get running.
[11:12.700 --> 11:17.560]  Okay, so we can see that it selected our device. It skipped the OpenCL
[11:18.440 --> 11:23.320]  part of that because it has the CUDA API. And there we go.
[11:27.340 --> 11:33.180]  So let's move into doing some simple attacks with Hashcat.
[11:36.910 --> 11:41.430]  So we're going to go back to the Password Village site, which is at passwordvillage.org.
[11:42.010 --> 11:50.570]  And we are going to grab some NT hashes. So we've got our Hashcat examples here.
[11:52.210 --> 11:58.310]  You can copy and paste these off the site and follow along if you are set up to do so.
[11:59.830 --> 12:01.950]  Let's get rid of this.
[12:04.030 --> 12:13.870]  We'll call this NT.hash. We'll paste those guys in using whatever editor you desire.
[12:15.950 --> 12:24.050]  And then we used hash mode 1000 here because I know that 1000 is NTLM.
[12:25.670 --> 12:32.290]  But if you needed to find it, you could do a hashcat --help and then grep.
[12:32.690 --> 12:39.090]  We'll do a -i so we do a case-insensitive search and look for NTLM.
[12:39.870 --> 12:47.670]  And we can see right here NTLM is Mode 1000. Net NTLM V1 and V2 are different hash types.
[12:47.670 --> 12:53.830]  Typically, you see those coming out of Responder, which I believe EvilMog is going to do a talk on
[12:53.830 --> 13:01.210]  later in the day that will quickly cover those. So we want Hashcat
[13:03.090 --> 13:10.730]  -m 1000 for mode. We want our NT.hash file. And then we want to run this against RockYou.
[13:16.800 --> 13:20.700]  So it's going to initialize the device there. It's going to load the dictionary.
[13:20.800 --> 13:26.840]  And then it cracked all our hashes. It cracked all our hashes because these hashes were generated
[13:26.840 --> 13:34.580]  from RockYou. So you would expect to get all of those. If you were pulling hashes from the wild,
[13:34.580 --> 13:40.200]  you know, RockYou may crack one of them, it may crack none of them, or it may crack all of them,
[13:40.200 --> 13:46.360]  depending on how good the password policy of the company or the site that was compromised
[13:46.360 --> 13:51.420]  and the hashes were leaked from. So to kind of walk through this a little bit, there's a lot
[13:51.420 --> 13:56.360]  going on on the screen here. So we have our hashes up here and we have the associated plain text on
[13:56.360 --> 14:04.040]  the opposite side. So you've got, this is a hash, we've got a separator, and then we have the plain
[14:04.040 --> 14:12.300]  text of this hash. And then we've got 10 of those. So we had a session name of hashcat. If we were
[14:14.560 --> 14:19.480]  doing some session stuff where maybe we wanted to stop this and resume it later,
[14:19.480 --> 14:24.240]  this name is important. We're not going to cover that here. The status would normally be running,
[14:24.240 --> 14:29.280]  but since we only had a small sample and we knew the plain text for all of those, it cracked them
[14:29.280 --> 14:38.720]  all pretty quick. We were running against NTLMs. Our hash target was the hash file that we supplied
[14:38.720 --> 14:46.140]  called nt.hash. The guess base, meaning the candidate words that we were selecting from,
[14:46.140 --> 14:52.580]  came from a file called rockyou.txt. The speed of our device, which is actually pretty slow
[14:52.580 --> 15:01.420]  compared to what we saw up here in the benchmark, because it never got fully up to speed. Where are
[15:01.420 --> 15:20.220]  we at here? Right here. So we can see here we were going at about 35.7 billion.
[15:21.280 --> 15:28.160]  It's pretty quick. But down here we were only going at about 7.7 million. So
[15:31.040 --> 15:36.500]  that's mainly because we didn't have enough work to supply the GPU, but also because
[15:36.500 --> 15:42.460]  we cracked all the hashes so quickly that it never got a chance to get up to full speed.
[15:42.840 --> 15:48.760]  So we recovered all 10 of our hashes, so we had 10 digests. A hash is also called a digest.
[15:49.100 --> 15:55.540]  It ran through the entire list of words, so we had 14.3 million possible candidates,
[15:56.180 --> 16:02.160]  and we exhausted that entire space. It rejected none of them, and a rejection can come from
[16:03.460 --> 16:09.160]  a word that's too long. We had a restore point, which we didn't use because we're not doing a
[16:09.160 --> 16:14.690]  restore. And then we had the candidates down here. Now in a long run, this is going to show
[16:17.930 --> 16:26.130]  a sample of what words are currently being tried against the hashes. And here we have
[16:26.130 --> 16:36.070]  some hex representation, and this is probably because we have a colon, which is a separator
[16:36.070 --> 16:42.230]  that Hashcat uses internally. So it's going to put that into a hex representation so that it
[16:42.230 --> 16:47.010]  doesn't accidentally cut your hash or your plain text in the wrong spot. And then we have our
[16:47.010 --> 16:52.570]  hardware monitor, which was telling us some statistics about the card. So it was running at
[16:52.570 --> 16:59.130]  59 degrees Celsius, it was at 75% utilization, and then our core speed, the memory speed,
[16:59.130 --> 17:10.330]  and the bus workload. So that's a very simple dictionary attack. So let's try
[17:17.020 --> 17:21.920]  let's try doing a combinator attack. Now a combinator attack is when
[17:23.520 --> 17:30.160]  you take two word lists, and Hashcat is going to take one word from one word list and one word
[17:30.160 --> 17:34.680]  from the other word list and smash them together and try that as a candidate. And it's going to
[17:34.680 --> 17:45.080]  do that for each one. So in very large runs, this is not really the best attack to do because it can
[17:45.080 --> 17:49.800]  take years to complete. So if we were to use RockYou with RockYou, for instance, we're doing
[17:50.740 --> 17:57.360]  14.3 million to the 14.3 million, which ends up being some ridiculous number that we're probably
[17:57.360 --> 18:05.040]  never going to exhaust. The example dictionaries here are actually reasonably small and it's a
[18:05.040 --> 18:12.320]  really good baseline for showing how the attack works. So we can copy this.
[18:15.160 --> 18:22.260]  So we're going to use -a 1, which is the attack mode for combinator. These hashes are MD5,
[18:22.260 --> 18:30.020]  so we're going to say -m 0. -m 0 is the mode identifier for MD5. Hashcat provides an example list of
[18:30.020 --> 18:35.760]  hashes. So this is going to be the list of MD5 hashes and then the two example dictionaries,
[18:35.760 --> 18:39.300]  which are actually the same dictionary, so we're just going to specify it twice.
[18:39.300 --> 18:45.580]  You could do this with two different dictionaries. So if you had example.dict and then example1.dict
[18:45.580 --> 18:50.620]  that has some different word set in it, that will work and you could even reverse some.
[18:52.620 --> 18:54.920]  So let's go ahead and run this.
[18:56.500 --> 18:59.380]  Go ahead and run this with the right name.
[19:06.930 --> 19:14.610]  And yeah, that's a lot. So we had, if we go back to our status output here,
[19:15.390 --> 19:21.090]  we know all this. We had a file which was example.dict on the left side and a file which was
[19:21.090 --> 19:28.310]  example.dict on the right side. So if you think about it this way, you have example.dict
[19:30.270 --> 19:38.350]  and then example.dict. So this is going to be the left side, this is going to be the right side,
[19:38.910 --> 19:46.330]  and then again, Hashcat just combined left and right, made a single word out of it,
[19:46.330 --> 19:49.370]  hashed it, and then checked it against the list of hashes.
[19:50.070 --> 19:57.070]  So we can see here that we went quite a bit faster this time. So we went at 5.8 billion
[19:57.810 --> 20:09.050]  candidates per second. We recovered 2,906 of 6,494 digests, so just under 45 percent,
[20:09.630 --> 20:17.970]  and we have 3,588 hashes remaining. So the next one we'll do
[20:24.030 --> 20:31.830]  is a brute force. Now, this is going to be a very simple example of a mask attack,
[20:31.830 --> 20:38.310]  we'll talk about mask attacks later. Brute forcing is when we take
[20:42.230 --> 20:49.810]  a string and then increment it by either a number or a letter to exhaust a full key space.
[20:49.810 --> 20:58.230]  So in this case, we're doing 1, 2, 3, let's see, 1, 2, 3, 4, 5,
[20:59.290 --> 21:07.630]  6 spaces of all characters, so that's numbers, letters, lowercase and uppercase, and then
[21:07.630 --> 21:15.730]  specials. This is again going to be MD5. We're going to use the same example hash set that we
[21:15.730 --> 21:24.730]  used before. -a 3 is to specify a mask attack or a brute force attack, and then get this right
[21:24.730 --> 21:35.950]  the first time, and then we let it run. So you'll see here that we're only going to crack
[21:35.950 --> 21:42.630]  six-character passwords because we only specified for Hashcat to crack six-character passwords.
[21:43.250 --> 21:49.070]  We can see we've got some lowercase, we had some numbers, now we've got an uppercase here,
[21:49.070 --> 21:54.370]  there's an uppercase there, some stuff starting with numbers,
[21:54.370 --> 21:58.930]  so lowercase. Okay.
[22:00.630 --> 22:06.530]  So what Hashcat was doing in that mode was, so we had this mask specified.
[22:07.370 --> 22:14.450]  We said we want to try all possible combinations of all printable ASCII characters on a standard
[22:14.450 --> 22:20.110]  keyboard. So we have 95 of those. So for each one of these positions, it's going to try
[22:20.670 --> 22:31.490]  all 95 possibilities. So if we look at it this way, let's say it starts at 1, 2, 3, 4, 5, 6 As,
[22:32.770 --> 22:42.090]  and then it tries 1, 2, 3, 4, 5, 6 with a B, and then it tries 1, 2, 3, 4, 5 with a C,
[22:42.090 --> 22:50.270]  and it continues to increment until C gets to Z, and then it shifts by 1.
[22:51.070 --> 23:01.950]  So then we have 1, 2, 3, 4, B, A, 1, 2, 3, 4, B, B, and so on and so forth. But
[23:01.950 --> 23:11.270]  since we're going so fast, the incrementing of the characters goes ridiculously fast.
[23:12.830 --> 23:21.590]  So that is your basic rundown of the three very basic attack modes that Hashcat does.
[23:22.090 --> 23:29.690]  You can go back and take a look at the standard attacks that are specified on the Password
[23:29.690 --> 23:35.730]  Village website if you need help understanding what was going on, and also some examples of
[23:35.730 --> 23:39.710]  how to use the commands for a given attack mode.
[23:41.670 --> 23:46.710]  So that's all we've got for now, and hope you join us for the next talk!
